American Tooling Center: U.S. District Court finds no Coverage for Social Engineering Fraud Loss under Crime Policy’s Computer Fraud Insuring Agreement

By David S. Wilson, Chris McKibbin and Stuart M. Woody

On August 1, 2017, the U.S. District Court for the Eastern District of Michigan released its decision in American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America. The Court held that a vendor impersonation fraud loss did not fall within the terms of a crime policy’s computer fraud coverage. In coming to this conclusion, the Court found there was no direct causal link between the receipt of fraudulent emails by an insured requesting payment to the fraudster’s bank account, and the insured’s authorized transfer of funds to that bank account.

The Facts

American Tooling Center (“ATC”) is a tool and die manufacturer that outsources some of its work to third-party vendors. One of its legitimate third-party vendors is Shanghai YiFeng Automotive Die Manufacture Co., Ltd. (“YiFeng”). ATC typically sends payment to YiFeng at the completion of various production milestones.

ATC fell victim to a vendor impersonation fraud, which is one of the most common forms of social engineering fraud. On March 18, 2015, ATC’s Vice-President and Treasurer received an email purportedly sent by YiFeng requesting payment to a new bank account. The email in question was sent from the domain name “@yifeng-rnould.com”, which resembled the legitimate domain name “@yifeng-mould.com”. ATC’s Vice-President and Treasurer verified that the applicable production milestones were satisfied, but did not verify the new banking information before wiring approximately $800,000 to the new bank account. When it came to light that YiFeng had never been paid the amounts it was owed, ATC submitted a claim to Travelers.

The Computer Fraud Coverage

ATC’s policy with Travelers provided coverage for:

… the Insured’s direct loss of, or direct loss from damage to, Money, Securities and Other Property directly caused by Computer Fraud.

The Travelers policy defined “Computer Fraud” as:

The use of any computer to fraudulently cause a transfer of Money, Securities or Other Property from inside the Premises or Financial Institution Premises:

1. to a person (other than a Messenger) outside the Premises or Financial Institution Premises; or

2. to a place outside the Premises or Financial Institution Premises.

Travelers took the view that, given the intervening events between the receipt of the fraudulent emails and the authorized transfer of funds, ATC had not suffered a direct loss directly caused by the use of any computer.

The Court agreed, observing that:

the fraudulent emails did not “directly” or immediately cause the transfer of funds from ATC’s bank account. Rather, intervening events between ATC’s receipt of the fraudulent emails and the transfer of funds (ATC verified production milestones, authorized the transfer, and initiated the transfer without verifying bank account information) preclude a finding of “direct” loss “directly caused” by the use of any computer.

The Court relied upon the Fifth Circuit’s recent Apache decision (see our October 24, 2016 post), making specific reference to that court’s observation that:

To interpret the computer-fraud provision as reaching any fraudulent scheme in which an email communication was part of the process would … convert the computer-fraud provision to one for general fraud.

The Court then considered other recent computer fraud decisions, such as Pestmaster (see our August 4, 2016 post) and InComm (see our March 22, 2017 post). Applying the principles from these decisions to the case at bar, the Court concluded:

Although fraudulent emails were used to impersonate a vendor and dupe ATC into making a transfer of funds, such emails do not constitute the “use of any computer to fraudulently cause a transfer.” There was no infiltration or “hacking” of ATC’s computer system. The emails themselves did not directly cause the transfer of funds; rather, ATC authorized the transfer based upon the information received in the emails. The Ninth Circuit [in Pestmaster] has interpreted the phrase “fraudulently cause a transfer” to “require the unauthorized transfer of funds.”[:] “Because computers are used in almost every business transaction, reading this provision to cover all transfers that involve both a computer and fraud at some point in the transaction would convert this Crime Policy into a ‘General Fraud’ Policy.” See also Incomm … (noting that “courts repeatedly have denied coverage under similar computer fraud provisions, except in cases of hacking where a computer is used to cause another computer to make an unauthorized, direct transfer of property or money”). [emphasis added]

The Court granted summary judgment in favour of Travelers.

Conclusion

 American Tooling Center represents another decision in a growing line of jurisprudence which holds that there is no coverage for vendor impersonation and other social engineering fraud losses under traditional commercial crime coverages. The insurance industry has responded by introducing social engineering fraud-specific coverage, which allows insureds to obtain coverage for certain types of losses that fall outside the coverage provided under traditional policy wordings.

Given the increasing frequency of vendor impersonation and other social engineering fraud losses, insureds would be well-advised to consult with their brokers and insurers about the risks that social engineering fraud poses to their business, and the availability of social engineering fraud-specific coverage.

American Tooling Center, Inc. v. Travelers Casualty & Surety Company of America, 2017 WL 3263356 (E.D. Mich.)

Leave a comment

Filed under Computer Fraud, Direct Loss, Social Engineering Fraud

The Brick: Alberta Court of Queen’s Bench finds no Coverage for Social Engineering Fraud Loss under Crime Policy’s Funds Transfer Fraud Insuring Agreement

By David S. Wilson and Chris McKibbin

On July 4, 2017, the Alberta Court of Queen’s Bench released its decision in The Brick Warehouse LP v. Chubb Insurance Company of Canada. The Court found that a vendor impersonation loss did not fall within the terms of a crime policy’s Funds Transfer Fraud coverage. The case represents the first social engineering fraud decision in Canada since the widespread introduction of discrete social engineering fraud coverage, and confirms the principles adopted in several recent American social engineering fraud decisions, including the Ninth Circuit’s decision in Taylor & Lieberman (see our April 3, 2017 post), on which the Court expressly relied.

The Facts

The Brick is a retailer of furniture, appliances and home electronics. In August 2010, an individual called the Brick’s accounts payable department. The caller indicated that he was calling from Toshiba and that he was missing some payment details. He added that he was new to Toshiba. The Brick employee faxed certain payment documentation to a number provided by the caller.

On August 20, 2010, a different individual in the Brick accounts payable department received an email from an individual purporting to be “R. Silbers”, using the email address silbers_toshiba@eml.cc. The individual claimed to be the controller of Toshiba, and indicated that Toshiba had changed banks from the Bank of Montreal (“BMO”) to the Royal Bank of Canada (“RBC”). The email indicated that all payments should be made to the new RBC account, and provided the necessary information to transfer money into the account.

That Brick employee proceeded to change the bank information for Toshiba in the Brick’s payment system to reflect the RBC account information. The employee simply followed the Brick’s standard practice on changing account information. No one from the Brick took any independent steps to verify the change in bank accounts, nor did anyone contact Toshiba.

As a result of the fraud, the Brick directed payment on 10 Toshiba invoices to the RBC account. The real Toshiba eventually followed up on its outstanding receivables, at which point the fraud came to light. The Brick incurred a net loss of $224,475.

The Brick submitted a claim to Chubb under its Funds Transfer Fraud coverage. Chubb denied the claim on March 15, 2012, on the basis that the Brick’s instructions to its own bank had emanated from an authorized employee of the Brick, and that the instructions were not themselves fraudulent. The matter was tried in 2017.

The Funds Transfer Fraud Coverage

The Chubb policy indemnified for “Funds Transfer Fraud by a Third Party”, and defined Funds Transfer Fraud as:

… the fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver money or securities from any account maintained by an insured at such institution without an insured’s knowledge or consent.

The Court interpreted the insuring agreement as requiring that the Brick demonstrate that its bank transferred funds out of the Brick’s account under instructions from a third party impersonating the Brick. Coverage would not be available if the Brick knew about, or consented to, the instructions given to its bank.

The Court then considered how U.S. decisions such as Taylor & Lieberman had addressed this point:

There is no doubt that funds were transferred out of the Brick’s account. The question really is whether the funds were transferred under instructions from an employee who did not know about or consent to the fraudulent transactions.

 In this case, the funds were transferred by a Brick employee as a result of fraudulent emails. [Chubb] seeks to have the court follow [Taylor & Lieberman]. In [that] case, the Ninth Circuit Court of Appeals examined a case with very similar facts. Emails were sent to a company employee who then acted upon them, transferring money out of the insured’s account. The emails were fraudulent. The court held that the insurer was not liable because the Taylor & Lieberman employee requested and knew about the transfers. Although the employee did not know that the email instructions were fraudulent, the employee did know about the transfers. [emphasis added]

The Court further considered the meaning of the terms “knowledge” and “consent” in the definition of Funds Transfer Fraud, noting that:

The Brick contends that the policy provision states that Chubb will pay for direct loss resulting from funds transfer fraud by a third-party, and the focus should be on the fraud itself and not on the fraudulent instructions. While it is true that [the Funds Transfer Fraud insuring agreement] does state that, that clause must be examined in conjunction with the definition of fund transfer fraud contained in the contract. That definition includes the words “insured’s knowledge or consent”. There is no definition in the contract of either the term “knowledge” or “consent”. …

 When a word or a term is undefined, the word should be given its “plain, ordinary and popular” meaning, “such as the average policy holder of ordinary intelligence, as well as the insurer, would attach to it”. One of the definitions of consent is “permission for something to happen, or agreement to do something.” Examining the facts, a Brick employee did give instructions to the bank to transfer funds. The employee was permitting the bank to transfer funds out of the Brick’s account. Consequently, the transfer was done with either the Brick’s knowledge or consent. Even applying the contra proferentem rule, the Brick still consented to the funds transfer. [emphasis added]

The Court concluded by noting that, while the fraudulent emails were undoubtedly the work of a Third Party, the actual transfer instructions were issued by a Brick employee; the transfer itself was not effected by a Third Party. Consequently, the requisite elements of the insuring agreement were not made out.

Conclusion

The Brick provides a Canadian counterpart to recent American social engineering fraud decisions such as Taylor & Lieberman and Apache (see our October 24, 2016 post). The decision covers two points of interest to fidelity claims professionals. First, it confirms that the “fraudulent instructions” to a financial institution contemplated by the Funds Transfer Fraud insuring agreement must be instructions which are themselves fraudulent, rather than authorized instructions issued by the insured which contain mistaken information due to an antecedent fraud. Second (and, effectively, a corollary of the first), it confirms that the instructions to the financial institution must emanate from a third party, rather than from the insured or an employee thereof.

The proliferation of social engineering frauds has created new risks for insureds, and fidelity insurers have responded by creating discrete social engineering fraud coverages. Like its American predecessors, The Brick serves as a reminder to businesses (and to their brokers) of how a business may be exposed to an uninsured loss in the event that it does not maintain such coverage.

The Brick Warehouse LP v. Chubb Insurance Company of Canada, 2017 ABQB 413 [Note: this decision does not appear to be accessible online; please contact us if you would like a copy.]

Leave a comment

Filed under Funds Transfer Fraud, Social Engineering Fraud

3M: Eighth Circuit applies Crime Policy’s Ownership Condition in finding No Coverage for Loss of Undistributed Limited Partnership Earnings in Investment Fraud

By David S. Wilson, John Tomaine and Chris McKibbin

On May 31, 2017, the Eighth Circuit Court of Appeals released its decision in 3M Company v. National Union Fire Insurance Company of Pittsburgh, PA. The Court affirmed the decision of the U.S. District Court for the District of Minnesota (see our October 13, 2015 post), which had applied a crime policy’s ownership condition in ruling that the insured did not have coverage for the loss of investment earnings incurred when an investment entity in which it had a limited partnership interest collapsed due to the entity’s principals’ Ponzi scheme. The Eighth Circuit’s decision provides a good illustration of the interaction between the ownership condition and statutory and common law concepts of “ownership” as they relate to partnerships.

The Facts

In 1999, 3M began investing its employee benefit plan assets in WG Trading Company LP (“WG Trading”). 3M’s investment was structured as a limited partnership in WG Trading. The principals of WG Trading also maintained another entity, WG Trading Investors, LP (“WG Investors”), which was a limited partner in WG Trading. WG Trading was a regulated and audited entity, whereas WG Investors was not.

Unbeknownst to 3M, the principals of WG Trading and WG Investors were running a Ponzi scheme and, over the course of several years, diverted hundreds of millions of dollars from the two entities for their personal use. The SEC and the CFTC initiated civil lawsuits against the WG entities and the principals, and obtained receivership orders. The receiver had considerable success in recovering assets. 3M was able to recover all of the net capital contributions that it had invested in WG Trading.

Nevertheless, 3M took the view that it had still suffered a loss, since at least some of its capital had been invested by WG Trading in legitimate vehicles and had produced legitimate earnings, but 3M was never paid those legitimate earnings. 3M submitted a claim to National Union under its Blanket Crime Policy, and to its excess crime insurers under their follow-form excess policies.

The Ownership Condition

National Union determined that there was no coverage under the policy because, even if the invested funds generated legitimate earnings, the earnings did not fall within the requirements of the ownership condition set out in Endorsement 8 to the policy, which provided, in relevant part, that:

The insured property may be owned by the Insured, or held by the Insured in any capacity whether or not the Insured is legally liable, or may be property as respects which the Insured is legally liable.

National Union took the view that, even if 3M’s investment with WG Trading generated legitimate earnings that could be quantified and attributed to 3M, those earnings were not (i) owned by 3M; (ii) held by 3M in any capacity; nor (iii) property for which 3M was legally liable. 3M argued that the ownership condition did not apply or, in the alternative, that it could be applied in a manner that would bring the claim within coverage.

Before the Eighth Circuit, 3M’s first argument was that the ownership condition did not even apply, as the relevant insuring agreement encompassed “Money, Securities or other property”. 3M asserted that the ownership condition did not apply to coverage for theft of “other” property, because the ownership condition only applied to “insured” property, and the insuring agreement did not specify whose “other” property was covered.

The Eighth Circuit, like the District Court before it, made short work of this argument:

Although the Employee Dishonesty provision does not expressly state whose other property is covered, it is entirely unreasonable to interpret the provision as extending coverage under the Policy to other property that is not insured property. Interpreting the Employee Dishonesty provision as extending to coverage to other property that is not insured property runs afoul of Endorsement 8, which details the property and interests that are covered under the Policy. Thus, when viewed within its context and with common sense, the only reasonable construction of the Employee Dishonesty provision limits coverage under the provision to insured property. Thus, we determine that the ownership requirement of Endorsement 8, which defines insured property, applies to the Employee Dishonesty provision.

3M’s second argument was that, if the ownership condition applied, 3M “owned” the lost earnings because it had a right to possess the earnings and the Court should interpret the condition broadly. The Eighth Circuit rejected this contention as well, essentially adopting the reasoning of the District Court:

However, up until the point at which the earnings were distributed to the partners, the stolen earnings were property of WG Trading — not property of 3M. It is fundamental that property acquired with partnership funds is partnership property, and individual partners do not own partnership assets until the winding up of the partnership.

3M’s final argument was that it met the ownership condition because it had ERISA fiduciary duties relating to the earnings, which rendered 3M “legally liable” for the earnings within the meaning of Endorsement 8. While the District Court did not address the substance of this argument at first instance, the Eighth Circuit considered the argument on the merits and rejected it, holding that:

the ERISA regulation does not alter general commercial property rights, but merely defines the nature and scope of the fiduciary duties owed to plan participants. Thus, this does not affect the ownership nature of WG Trading’s partnership assets. [emphasis added; citations omitted]

As a result, 3M could not bring the lost earnings within the ambit of the ownership condition, and no coverage was available.

Conclusion

The Eighth Circuit’s decision in 3M provides two key findings of assistance to fidelity insurers. First, it rejects the contention that the ownership condition acts as anything other than a pre-condition for recovery under a fidelity policy. Insureds (or their counsel) occasionally contend that there is a dichotomy between an insuring agreement and the ownership condition. The ownership condition, like other conditions in a crime policy, is intended to clarify the coverage provided under insuring agreements. Here, the Court recognized that the ownership condition was to be construed in harmony with, and supportive of, the relevant insuring agreement, and explained why the insured’s attempt to distinguish between “other property” and “insured property” was without merit. A loss must fall within an insuring agreement, and must also meet the ownership condition, in order to trigger coverage.

Second, the Eighth Circuit affirmed the District Court’s analysis of the limited partnership agreements in issue (and its application of state law) in concluding that what 3M actually “owned” was not any of WG Trading’s assets, but rather a limited partnership interest in WG Trading itself, with only the possibility of future receipt of earnings upon distribution.

The same general principles of partnership law apply in Canadian common law jurisdictions such as Ontario. For example, subsection 21(1) of the Ontario Partnerships Act makes it clear that partnership property is legally distinct from property owned by the partners themselves. Thus, it is arguable that a similar result should follow, were such a claim to be litigated north of the border.

[Editors’ Note: Our guest co-author, John Tomaine, is the owner of John J. Tomaine LLC, a fidelity insurance and civil mediation consultancy in New Jersey.  After over thirty-one years with the Chubb Group of Insurance Companies, he retired as a Vice President in 2009.  He is an attorney admitted in Connecticut and New Jersey, and holds a Master’s Degree in Diplomacy and International Relations.  He is available to serve as an expert witness in fidelity claim litigation and to consult on fidelity claim and underwriting matters.]

3M Company v. National Union Fire Insurance Company of Pittsburgh, PA., 2017 WL 2347105 (8th Cir.)

Leave a comment

Filed under Ownership

Khazai Rug: Court of Appeals of Kentucky applies Crime Policy’s Inventory Exclusion to Alleged Employee Theft Loss

By David S. Wilson and Chris McKibbin

The inventory exclusion precludes an insured from proving an employee theft loss solely by reliance on inventory calculations, independent of other proof of actual employee theft. A recent decision of the Court of Appeals of Kentucky, Khazai Rug Gallery, LLC v. State Auto Property & Casualty Insurance Company, provides a good example of the application of the inventory exclusion, and makes important findings with respect to whether it is appropriate to infer a connection between a demonstrated instance of employee theft and another similar instance for which there is insufficient independent evidence.

The Facts

Khazai Rug Gallery (“Khazai”) was a rug vendor. It incurred two demonstrated employee theft losses and two other alleged losses. The first demonstrated loss involved missing rugs. Two rugs were found to be missing from storage. The president of Khazai confronted the suspect employee. The employee admitted stealing five rugs and then returned them. Khazai then performed an inventory count and concluded that 79 rugs were missing. No employee admitted to stealing the 79 rugs, and no surveillance footage existed to prove that the rugs were stolen. The only evidence of a loss was the inventory computation.

The second demonstrated loss involved cash. The president discovered that $800 in cash was missing from a sales desk. Surveillance footage showed that an employee had stolen the money from a drawer. The president then recalled that he had previously placed $16,800 in cash in his office and that, when he went to check on it, he found that it was missing. The employee only admitted to stealing the $800, and paid it back as restitution. No proof of the $16,800 loss existed, other than the president’s statement.

The Inventory Exclusion

Khazai submitted claims under its employee dishonesty coverage for the 79 rugs and the $16,800 in cash. The insurer concluded that the inventory exclusion applied. This exclusion, and its exception, were paraphrased by the Court as follows:

Both contracts contained the same exclusion for employee theft: State Auto would not pay claims when the proof of the loss was solely dependent on an “inventory computation” or “a profit and loss computation[.]” Only “where you establish wholly apart from such computations that you have sustained a loss, then you may offer your inventory records and actual physical count of inventory in support of the amount of loss claimed.”

The Court explained the rationale for the inventory exclusion:

Similar and identical inventory exclusion clauses have been in use by the insurance industry for more than half a century. They were created to address the problem of insurance claims where employers believed their employees had stolen items from their stores, but the losses could only be explained by bookkeeping that could simply be an accounting error or a product of negligence or wastage or pilferage unconnected to employee theft. [citations omitted]

Khazai Rug attempted to demonstrate that there was independent evidence of employee thefts of both rugs and cash, as the theft of the five rugs and the $800 in cash had been proven by admissions and surveillance evidence. Thus, Khazai Rug contended, the 79-rug loss and the missing $16,800 were simply computations of total losses resulting from prior demonstrated acts of employee thefts of rugs and cash.

The Court rejected this contention, observing that:

Khazai’s allegations of employee theft are equally infirm. Both the [five] stolen rugs and the stolen [$800 in] cash were singular, proven incidents where Khazai was made whole and suffered no loss. … Khazai did not perform additional investigative measures to discover a pattern of loss, nor did it establish any independent evidence that more than five rugs and $800 in cash were stolen. … Khazai’s sole proof that 79 rugs and $16,800 were stolen was its inventory computation. As was the case in Teviro Casuals, an isolated theft cannot form the prima facie evidence of other thefts absent some evidentiary basis other than an inventory computation.

In the absence of any such evidence, the Court declined to infer any connection between the demonstrated losses and the alleged losses. As a result, no independent evidence of employee dishonesty existed, and the exclusion applied:

… a business with an employee theft insurance contract containing the computation exclusion must present substantive evidence demonstrating a prima facie loss and employee theft before it may utilize its inventory or profit-and-loss computations as additional evidence of the fact that there was a loss, or as proof of the loss’s value. …

Khazai’s evidence that rugs had been stolen only proves that five rugs were stolen and then returned. Khazai discovered that two rugs were missing, and upon investigation, the employee who had stolen the rugs was identified and confronted. The employee admitted to stealing five rugs, and he returned all five rugs. The employee denied taking any additional rugs, and he signed a confession admitting he took only five rugs. He later entered a guilty plea to the theft. Khazai performed an inventory almost two months later and discovered that 79 rugs were missing.

Regarding the allegedly stolen cash, Khazai’s evidence is similar. Khazai’s office manager discovered that $800 was missing, and after reviewing surveillance footage, discovered that an employee had taken the money from a drawer. The employee later pled guilty to stealing the $800 and paid restitution to Khazai. Khazai’s president then recalled he had allegedly placed $16,800 in his office desk drawer, and when he went to check on it, found it was missing. No surveillance footage was available to show it had been stolen. No employee admitted to stealing the money. And, assuming the cash was stolen, someone other than an employee could have taken it.

 Thus, aside from the inventory, the evidence only establishes that five rugs were stolen and returned. And similarly, aside from Khazai’s president’s statement that $16,800 cash was stolen from his desk, the evidence only establishes that $800 was stolen and later paid back through restitution. These facts, even viewed in a light most favorable to Khazai, are insufficient to make a prima facie employee theft case.

Conclusion

Insureds confronted with suspected losses may jump to conclusions regarding the cause of such losses, especially in an environment where there have already been similar events or where controls are poor. However, those conclusions may not always be supportable. As the Court observed, commercial crime insurers have maintained forms of the inventory exclusion for over 50 years, precisely to ensure that employee theft insurance covers demonstrated acts of employee theft only, rather than record-keeping errors, negligence, wastage or theft by non-employees.

Khazai Rug is notable for two reasons. First, much like the Eleventh Circuit’s decision in W.L. Petrey (see our September 8, 2015 post), it reinforces the requirement of independent prima facie evidence of employee dishonesty beyond inventory computations. Second, and more importantly, it provides an illustration of a court declining to infer a connection between a demonstrated instance of employee theft and another similar instance for which there is insufficient independent evidence of employee involvement.

Khazai Rug Gallery, LLC v. State Auto Property & Casualty Insurance Company, 2017 WL 945116 (Ky. Ct. App.)

Leave a comment

Filed under Employee Theft, Inventory Exclusion

Commercial Ventures: U.S. District Court holds that Insured’s Co-Owner and President is not an “Employee” under Crime Policy

By David S. Wilson and Chris McKibbin

Several recent decisions, such as Telamon Corporation v. Charter Oak Fire Insurance Company (see our March 13, 2017 post), have highlighted the importance of assessing the precise legal status of an alleged defaulter’s work relationship vis-à-vis the insured as part of a proper coverage analysis. The decision of the U.S. District Court for the Central District of California in Commercial Ventures, Inc. v. Scottsdale Insurance Company provides another example of the courts considering this challenging issue. In Commercial Ventures, the Court dealt with an alleged defaulter who was both a minority owner and the President of the insured, and specifically addressed whether contingent ownership distributions constituted “salary, wages or commissions” within the crime coverage’s definition of “Employee”.

The Facts

Commercial Ventures had two affiliated companies, Noblita, LLC (“Noblita”), which operated an apparel business, and Daylight Investors, LLC (“Daylight”), which owned 49 per cent of Noblita. Rik Guido personally owned another 49 per cent of Noblita, and was also its President. As an owner of Noblita, Guido was entitled to receive $27,500 per month, but only under certain conditions.

Noblita’s Limited Liability Company Operating Agreement (the “Operating Agreement”) defined Guido’s compensation as follows:

Mr. Guido will not be paid for such services [as President], but so long as (1) he is President of the Company and rendering his full time services to the Company (and in compliance with the terms of this Agreement) and (2) the company has adequate monies, Mr. Guido will receive a Distribution of twenty–seven thousand five hundred dollars ($27,500) per month.

The Operating Agreement defined “Distribution” as “the transfer of money or property by [Noblita] to one or more Members without separate consideration.”

In November 2013, Daylight sued Guido in state court, alleging that Guido participated in a fraudulent scheme whereby he transferred money and inventory from Noblita to a Florida-based company in which he had an ownership interest.

Commercial Ventures maintained a Business Management Indemnity Policy with Scottsdale, under which both Noblita and Daylight were additional insureds. The policy’s crime coverage included coverage for employee theft. Daylight notified Scottsdale of a potential employee theft loss arising from Guido’s alleged actions.

Scottsdale inquired as to the nature of Guido’s role with Noblita. Noblita’s controller advised that Guido was not entitled to take any distribution from Noblita unless the company had adequate monies or was profitable. The controller added that, during the majority of the months in which Guido worked for Noblita, it had negative operations and Guido was therefore not entitled to any distribution.

In Scottsdale’s view, Guido was a non-salaried member of Noblita, and was therefore not an “Employee” within the meaning of the crime coverage.

The Employee Theft Coverage

Scottsdale moved for summary judgment before the District Court on this issue. The crime coverage defined “Employee” as:

Any natural person while in the services of the Insured, including sixty (60) days after termination of service; provided the Insured:

i. compensates such person directly by salary, wages or commissions; and

 ii. has the right to direct and control such person while performing services for the Insured.

 The parties’ dispute centred on whether Guido’s contingent compensation constituted “salary, wages or commissions”. Commercial Ventures asserted that, because the crime coverage did not define the terms “salary, wages or commissions”, the terms were ambiguous. The Court considered dictionary definitions of those terms:

Salary

  • fixed compensation paid regularly for services.”
  • [a]n agreed compensation for services—esp. professional or semiprofessional services usu. Paid at regular intervals on a yearly basis, as distinguished from an hourly basis.”

Wage

  • a payment usually of money for labor or services usually according to contract and on an hourly, daily, or piecework basis.”
  • [p]ayment for labor or services, usu. Based on time worked or quantity produced; specif., compensation of an employee based on time worked or output of production.”

Commission

  • a fee paid to an agent or employee for transacting a piece of business or performing a service.”
  • [a] fee paid to an agent or employee for a particular transaction, usu. as a percentage of the money received from the transaction.”

The Court noted that the parties were in agreement that “salary, wages or commissions” constituted compensation for a person’s services, and held that:

… the Court finds that the definition of “employee” is unambiguous as it is clearly defined in the policy. In addition, “salary, wages or commissions” — words used to define “employee” — are not ambiguous as they are only subject to one interpretation in this case as well. Therefore, the issue becomes solely whether there is a triable issue of fact as to whether Plaintiff paid Mr. Guido for his services, in turn, meaning whether he was paid “salary, wages, or commissions.” [citations omitted]

The Court then considered whether Guido’s contingent compensation under the Operating Agreement could be considered “salary, wages or commissions”. The Court observed that accepting the insured’s arguments on this issue would entail that the definition of “Distribution”, which specifically indicated that distributions were made “without separate consideration”, would be meaningless, as would the provision stipulating that “Mr. Guido will not be paid for” his services as President. In accepting Scottsdale’s view, by contrast:

… the Court may give these provisions their plain meaning and may still read the Operating Agreement as a cohesive whole. In other words, in the Court’s view, it appears that the parties, as reflected in the Operating Agreement, intended to appoint Mr. Guido as President of Noblita and to provide him with ownership distributions. The Operating Agreement did not intend, however, to compensate Mr. Guido for his services as President; rather, it compensates him in his role as an owner through distributions only. Though the Operating Agreement indicates that Mr. Guido is entitled to his owner distributions only so long as he served as President, this does not mean that his owner distributions are intended to compensate him for his services. [emphasis added]

Consequently, Guido was not an “Employee” and no indemnity was available.

Conclusion

Although the decision is based on the interpretation of the specific contract between Noblita and Guido, Commercial Ventures provides general guidance as to the proper interpretation of the definition of “Employee” found in many crime coverages, as well as the meaning of the specific terms “salary, wages or commissions”. The Court rejected the insured’s contention that these terms were ambiguous, and found that ownership distributions did not fall within their ambit. The interpretive approach adopted in Commercial Ventures will be of assistance to fidelity claims professionals in assessing whether individuals who maintain both ownership and other roles within an insured come within the definition of “Employee”.

Commercial Ventures, Inc. v. Scottsdale Insurance Company, 2017 WL 1196462 (C.D. Cal.)

Leave a comment

Filed under Employee Theft

Taylor & Lieberman: Ninth Circuit finds No Coverage under Crime Policy for Client Funds lost in Social Engineering Fraud

By David S. Wilson and Chris McKibbin

In the recent decision of Taylor & Lieberman v. Federal Insurance Company, the Ninth Circuit Court of Appeals affirmed a decision of the U.S. District Court for the Central District of California holding that a business management firm did not have coverage in respect of client funds which it was fraudulently induced to wire overseas.

While the District Court had held that the insured had failed to establish that it had sustained any “direct” loss at all (see our July 14, 2015 post), the Ninth Circuit affirmed the result on other grounds, holding that the insured had also failed to establish that the loss came within the substantive requirements of any of the Forgery, Computer Fraud or Funds Transfer Fraud insuring agreements.

The Facts

Taylor & Lieberman (“T&L”) was an accounting firm which also performed business management and account oversight services for various clients, including the client in issue. Clients’ funds were held in separate bank accounts maintained with City National Bank. Clients granted Powers of Attorney over their accounts to a designated individual at T&L, permitting transactions to be made in the accounts.

A fraudster obtained access to the client’s email account and sent two emails from that account to a T&L employee, as follows:

  • The first email directed the employee to wire $94,280 to an account in Malaysia. The employee did so, and then sent a confirming email to the client’s email account.
  • The next day, the employee received another email from the client’s account directing her to wire $98,485 to an account in Singapore. The employee again complied, and again sent a confirming email to the client’s email account.

The employee then received a third email, purportedly from the client, but sent from a different email address. The employee contacted the client by phone, and discovered that all three emails were fraudulent. T&L was able to recover some of the funds, but had to reimburse its client and incurred a net loss of nearly $100,000.

T&L submitted a claim under each of its Forgery Coverage, its Computer Fraud Coverage and its Funds Transfer Fraud Coverage. The District Court held that each of these coverages required “direct loss sustained by an Insured” and that, as a matter of law, no direct loss had been sustained.

On appeal, the Ninth Circuit did not disturb the finding with respect to direct loss, but affirmed the result on the basis that T&L had failed to establish that the loss came within the scope of any of the insuring agreements.

The Forgery Coverage

The Ninth Circuit quickly dismissed T&L’s contention that this insuring agreement’s requirement of a “Forgery or alteration of a financial instrument” did not require proof of a “Forgery” of a financial instrument, because the insuring agreement required only proof of an alteration of a financial instrument or a free-standing “Forgery” of any document, of any type. The Court held that the insuring agreement plainly required either a “Forgery” or an alteration of a financial instrument.

More substantively, the Court rejected T&L’s contention that the emails to T&L were financial instruments:

Here, the emails instructing T&L to wire money were not financial instruments, like checks, drafts, or the like. See Vons Cos., Inc. v. Fed. Ins. Co. … (C.D. Cal. 1998) (holding that wire instructions, invoices, and purchase orders were not “documents of the same type and effect as checks and drafts.”). And even if the emails were considered equivalent to checks or drafts, they were not “made, drawn by, or drawn upon” T&L, the insured. Rather, they simply directed T&L to wire money from T&L’s client’s account. In sum, there is no forgery coverage.

The Computer Fraud Coverage

The Computer Fraud insuring agreement required T&L to demonstrate “an unauthorized (1) “entry into” its computer system, and (2) “introduction of instructions” that “propogate[d] themselves” through its computer system.” The Court held that the sending of an email, without more, did not constitute an unauthorized entry into T&L’s computer system. Further, the emails were not an unauthorized introduction of instructions that propagated themselves through T&L’s computer system:

The emails instructed T&L to effectuate certain wire transfers. However, under a common sense reading of the policy, these are not the type of instructions that the policy was designed to cover, like the introduction of malicious computer code. … Additionally, the instructions did not, as in the case of a virus, propagate themselves throughout T&L’s computer system; rather, they were simply part of the text of three emails.

The Funds Transfer Fraud Coverage

The Funds Transfer Fraud insuring agreement indemnified against:

fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver Money or Securities from any account maintained by an Insured Organization at such Institution, without an Insured Organization’s knowledge or consent.

The Court held that the requirements of the insuring agreement were not met:

This coverage is inapplicable because T&L requested and knew about the wire transfers. After receiving the fraudulent emails, T&L directed its client’s bank to wire the funds. T&L then sent emails confirming the transfers to its client’s email address. Although T&L did not know that the emailed instructions were fraudulent, it did know about the wire transfers.

Moreover, T&L’s receipt of the emails from its client’s account does not trigger coverage because T&L is not a financial institution.

As a result, there was no coverage available under the Federal policy.

Conclusion

Following the Fifth Circuit’s decision in Apache (see our October 24, 2016 post), the Ninth Circuit’s decision in Taylor & Lieberman provides another example of a clear trend on the part of the courts to refuse to find coverage for social engineering fraud losses under the “traditional” crime policy coverages (typically, computer fraud and funds transfer fraud coverages, but occasionally, as here, other coverages as well). The proliferation of social engineering frauds has created a new exposure for insureds, and fidelity insurers have responded by creating discrete social engineering fraud coverages. Like Apache, Taylor & Lieberman serves as a cautionary tale to businesses (and to their brokers) of how a business may be exposed to an uninsured loss in the event that it does not maintain such coverage.

Taylor & Lieberman v. Federal Insurance Company, 2017 WL 929211 (9th Cir.)

Leave a comment

Filed under Computer Fraud, Direct Loss, Forgery, Funds Transfer Fraud, Social Engineering Fraud

InComm: U.S. District Court holds that Computer Fraud Coverage does not respond in Prepaid Debit Card Scheme

By David S. Wilson, John Tomaine and Chris McKibbin

On March 16, 2017, the U.S. District Court for the Northern District of Georgia released its decision in InComm Holdings, Inc. v. Great American Insurance Company. The Court held that Great American’s computer fraud coverage did not respond where holders of prepaid debit cards used multiple simultaneous telephone calls to exploit a coding error in the insured’s computer system, thereby fraudulently increasing the balances on the cards. The Court also applied the recent appellate decisions in Apache (see our October 24, 2016 post) and Pestmaster (see our August 4, 2016 post) in holding that the loss scenario did not meet the direct loss requirement in the computer fraud insuring agreement.

The Facts

InComm was a debit card processor. Individuals could purchase prepaid debit cards issued by banks and then utilize InComm’s system to load funds onto those cards. InComm’s processing system consisted of an Interactive Voice Response (IVR) system and an Application Processing System (APS). The IVR system permitted cardholders, using telephone voice commands or touchtone codes, to load credit onto their cards. The APS provided transaction processing in respect of transaction instructions received through the IVR system. After the APS carried out the requested instruction, it would communicate the result to the IVR system, which would then report the result to the cardholder.

To add value to a card, a cardholder could purchase a chit from a retailer, which would then relay the funds to InComm by transferring them to an account maintained by InComm with Wells Fargo. To redeem the chit, the cardholder would call the IVR system and provide the unique PIN printed on the chit. The IVR system would then relay the information to the APS, which would verify the data and then add the value of the chit to the card.

After a chit is redeemed, InComm transfers the equivalent amount of funds to the bank that issued the card. The funds are then maintained by the issuing bank for the benefit of the cardholder until the cardholder makes a purchase, at which point the issuing bank remits funds to the vendor. InComm is not involved in payments by banks to vendors.

InComm contracted with Bancorp to serve as program manager for cards issued by Bancorp. When a Bancorp cardholder redeemed a chit, InComm would transfer the equivalent dollar amount from its Wells Fargo account to a special settlement account held at Bancorp in Bancorp’s name. The InComm-Bancorp contract provided that “[Bancorp] shall hold all Cardholder Balances in a fiduciary or custodial manner on behalf of [InComm] as holder[ ] of the Cardholder Balances for the benefit of Cardholders” and that “all Cardholder Balances shall be held in trust for the benefit of the Cardholders”.

For a period of several months in 2013 and 2014, there was a coding error in the IVR system which permitted a chit to be redeemed multiple times. Cardholders could exploit the coding error by making multiple simultaneous telephone calls to the IVR system, redeeming their chit multiple times, and obtaining multiples of the value of the chits, which were then used by the cardholders to make purchases. As a result of the misuse of the IVR system, InComm wired $10,769,039 to Bancorp in connection with these fraudulent transactions. Bancorp transmitted most of these funds to vendors, but currently retains $1,880,769 of the wrongfully-redeemed funds in its trust account.

The Computer Fraud Coverage

InComm submitted a claim under its computer fraud coverage, which provided that Great American would:

… pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:

a. to a person (other than a messenger) outside those premises; or

b. to a place outside those premises.

Great American reasoned that the cardholders had not engaged in computer fraud within the meaning of the policy, as they had utilized telephones, not computers, to make the calls. Great American also took the view that any loss to InComm was not a loss “resulting directly” from computer fraud. The Court accepted Great American’s position on both issues.

Relying on the Ninth Circuit’s recent Pestmaster decision, the Court held that the cardholders’ telephone usage could not be construed as the “use” of a computer, notwithstanding that their telephones were ultimately communicating with a computer system:

Use” also is not defined in the Policy. The word commonly is defined as to “take, hold, or deploy (something) as a means of accomplishing or achieving something; … A person thus “uses” a computer where he takes, holds or employs it to accomplish something. That a computer was somehow involved in a loss does not establish that the wrongdoer “used” a computer to cause the loss. To hold so would unreasonably expand the scope of the Computer Fraud Provision, which limits coverage to “computer fraud.” Cf. Pestmaster … (“Because computers are used in almost every business transaction, reading [a computer fraud insurance policy] provision to cover all transfers that involve both a computer and fraud at some point in the transaction would convert this Crime Policy into a ‘General Fraud’ Policy.”). It also would violate the Court’s obligation to read the Policy “as a layman would read it and not as it might be analyzed by an insurance expert or an attorney.” … Lawyerly arguments for expanding coverage to include losses involving a computer engaged at any point in the causal chain — between the perpetrators’ conduct and the loss — unreasonably strain the ordinary understanding of “computer fraud” and “use of a[ ] computer”. …

 The Policy does not cover InComm’s losses resulting from the unauthorized redemptions, because the cardholders used telephones, not computers, to perpetrate their scheme. [emphasis added]

Direct Loss

The Court also held that InComm had not established that it had sustained a loss “resulting directly” from the cardholders’ conduct. The Court observed that, under the terms of InComm’s contract with Bancorp, InComm retained an interest, as trustee, in the funds so long as they continued to be held by Bancorp. Consequently, a transfer from InComm’s Wells Fargo account to Bancorp was not itself a loss. The earliest that a loss could occur was when funds were paid out by Bancorp to vendors to settle the cardholders’ expenditure of the fraudulently-redeemed chits.

The Court continued:

This conclusion is underscored by the fact that funds wired to Bancorp, as a result of the fraudulent chit redemptions, are still in the Bancorp Account almost three years after the chits were wrongfully redeemed. That is, these funds have not been lost. InComm’s loss thus did not result “directly” from the fraudulent redemptions, because it occurred only after InComm wired money to Bancorp, after the cardholder used his card to pay for a transaction, and after Bancorp paid the seller for the cardholder’s transaction. … The losses here did not occur when funds were sent to Bancorp’s premises. They occurred when funds were sent, by Bancorp, to the premises or accounts of merchants from which cardholders purchased goods or services. [emphasis added]

The Court also observed that, even if the loss had occurred earlier in the process (i.e., when the funds left Wells Fargo), the loss still did not result directly from the chit redemptions. Great American pointed out that those fraudulent redemptions did not automatically transfer funds to issuers like Bancorp. A redemption did not reduce the available assets in InComm’s hands; instead, a redemption only triggered InComm’s contractual obligation to an issuer to fund the redemption.

The Court agreed. Relying on Pestmaster and Apache, the Court held that:

… InComm’s loss resulted directly — that is, immediately — from InComm’s decision to wire the funds to Bancorp, not from the cardholders’ redemptions. Apache, and the cases it discusses, warn that to find coverage based on the use of a computer, without a specific and immediate connection to a transfer, would effectively convert a computer fraud provision into a general fraud provision. … To accept InComm’s argument that the cardholders’ fraudulent redemptions resulted directly in the transfer of funds from InComm to Bancorp — where InComm itself chose to make the transfer — would violate the admonition in Apache and the other cases addressing computer fraud coverage.

The computer fraud insuring agreement in InComm’s policy is identical to the one at issue in Apache. Apache involved a social engineering fraud where someone impersonating a representative of Apache’s vendor sent “new” bank information to Apache via email, resulting in invoice payments being misdirected. In that case, the Fifth Circuit pointedly used language to lay the loss at the feet of the insured:

Doubtless, had the confirmation call been properly directed, or had Apache performed a more thorough investigation, it would never have changed the vendor-payment account information. Moreover, Apache changed the account information, and the transfers of money to the fraudulent account were initiated by Apache to pay legitimate invoices … Arguably, Apache invited the computer-use at issue, through which it now seeks shelter under its policy, even though the computer-use was but one step in Apache’s multi-step, but flawed, process that ended in its making required and authorized, very large invoice-payments, but to a fraudulent bank account.  

Similarly, the Court in InComm noted that:

InComm chose to wire funds to Bancorp because it was contractually required to do so and because, despite any reconciliation or verification process it had in place, it believed the redemptions were legitimate.

Then, borrowing language from Apache, the Court stated:

As in Apache, “the authorized transfer was made to the [Bancorp] account only because, after receiving [notice of the duplicate chit redemptions], [InComm] failed to investigate accurately new, but fraudulent, information provided to it.” [emphasis added].

Not only did the Apache and InComm courts refuse to find an “immediate” relationship between the alleged conduct and the claimed losses, they each observed that investigatory lapses on the part of the insureds could be considered intervening and superseding causes of their losses.

Conclusion

Although it arises from a rather complicated set of facts and legal relationships, InComm provides helpful general guidance on both the “use of a computer” and the “direct loss” requirements found in computer fraud insuring agreements.

The courts in Apache and Pestmaster recognized that computers are involved in virtually every business transaction, and that interpreting computer fraud coverage to cover every loss that involves both a computer and fraud at some point in the transaction would turn such coverage into a “general fraud policy”. The Court in InComm built on this insight by interpreting “the use of any computer to fraudulently cause a transfer” to require the fraudster’s use of a computer, not the use of a telephone to interact with the insured’s computer.

Further, the Court implicitly applied a “direct means direct” causation approach in finding that the loss was not one resulting directly from the cardholders’ conduct. This is underscored by the Court’s requiring a “specific and immediate connection” between the conduct and the loss, which could not be established, given the intervening steps which occurred here.

[Editors’ Note: Our guest co-author, John Tomaine, is the owner of John J. Tomaine LLC, a fidelity insurance and civil mediation consultancy in New Jersey.  After over thirty-one years with the Chubb Group of Insurance Companies, he retired as a Vice President in 2009.  He is an attorney admitted in Connecticut and New Jersey, and holds a Master’s Degree in Diplomacy and International Relations.  He is available to serve as an expert witness in fidelity claim litigation and to consult on fidelity claim and underwriting matters.]

InComm Holdings, Inc. v. Great American Insurance Company, 2017 WL 1021749 (N.D. Ga.)

Leave a comment

Filed under Computer Fraud, Direct Loss